cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-4395,https://securityvulnerability.io/vulnerability/CVE-2020-4395,,IBM Security Access Manager Appliance 9.0.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 179358.,IBM,Security Access Manager Appliance,6.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2020-10-14T17:15:00.000Z,0
CVE-2019-4725,https://securityvulnerability.io/vulnerability/CVE-2019-4725,,IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172131.,IBM,Security Access Manager Appliance,6.1,MEDIUM,0.000699999975040555,false,,false,false,false,,,false,false,,2020-10-06T16:15:00.000Z,0
CVE-2020-4461,https://securityvulnerability.io/vulnerability/CVE-2020-4461,,IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing id_token claims manipulation without verification. IBM X-Force ID: 181481.,IBM,Security Access Manager Appliance,6.5,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2020-05-20T13:15:00.000Z,0
CVE-2019-4707,https://securityvulnerability.io/vulnerability/CVE-2019-4707,,IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172018.,IBM,Security Access Manager Appliance,7.1,HIGH,0.0011599999852478504,false,,false,false,false,,,false,false,,2020-01-28T19:15:00.000Z,0
CVE-2018-1805,https://securityvulnerability.io/vulnerability/CVE-2018-1805,,"IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 149704.",IBM,Security Access Manager Appliance,4.3,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2018-12-13T16:29:00.000Z,0
CVE-2018-1813,https://securityvulnerability.io/vulnerability/CVE-2018-1813,,"IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 150017.",IBM,Security Access Manager Appliance,4.3,MEDIUM,0.0005099999834783375,false,,false,false,false,,,false,false,,2018-12-13T16:29:00.000Z,0
CVE-2018-1814,https://securityvulnerability.io/vulnerability/CVE-2018-1814,,"IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 150018.",IBM,Security Access Manager Appliance,5.9,MEDIUM,0.0010600000387057662,false,,false,false,false,,,false,false,,2018-12-13T16:29:00.000Z,0
CVE-2018-1815,https://securityvulnerability.io/vulnerability/CVE-2018-1815,,"IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 for Enterprise Single-Sign On is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150019.",IBM,Security Access Manager Appliance,6.1,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2018-12-13T16:29:00.000Z,0
CVE-2018-1887,https://securityvulnerability.io/vulnerability/CVE-2018-1887,,"IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 152078.",IBM,Security Access Manager Appliance,5.9,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2018-12-13T16:29:00.000Z,0
CVE-2018-1740,https://securityvulnerability.io/vulnerability/CVE-2018-1740,,"IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148419.",IBM,Security Access Manager Appliance,5.4,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2018-12-13T16:29:00.000Z,0
CVE-2018-1803,https://securityvulnerability.io/vulnerability/CVE-2018-1803,,"IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 149702.",IBM,Security Access Manager Appliance,6.1,MEDIUM,0.0009699999936856329,false,,false,false,false,,,false,false,,2018-12-13T16:29:00.000Z,0
CVE-2018-1804,https://securityvulnerability.io/vulnerability/CVE-2018-1804,,"IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 149703.",IBM,Security Access Manager Appliance,3.7,LOW,0.0006200000061653554,false,,false,false,false,,,false,false,,2018-12-13T16:29:00.000Z,0
CVE-2018-1653,https://securityvulnerability.io/vulnerability/CVE-2018-1653,,"IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144726.",IBM,Security Access Manager Appliance,5.4,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2018-12-13T16:29:00.000Z,0
CVE-2018-1886,https://securityvulnerability.io/vulnerability/CVE-2018-1886,,"IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 152021.",IBM,Security Access Manager Appliance,5.3,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2018-12-13T16:29:00.000Z,0
CVE-2018-1850,https://securityvulnerability.io/vulnerability/CVE-2018-1850,,"IBM Security Access Manager Appliance 9.0.3.1, 9.0.4.0 and 9.0.5.0 could allow unauthorized administration operations when Advanced Access Control services are running. IBM X-Force ID: 150998.",IBM,Security Access Manager Appliance,8.8,HIGH,0.00171999994199723,false,,false,false,false,,,false,false,,2018-10-22T12:29:00.000Z,0
CVE-2018-1722,https://securityvulnerability.io/vulnerability/CVE-2018-1722,,IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federation services are running. IBM X-Force ID: 147370.,IBM,Security Access Manager Appliance,10,CRITICAL,0.0070500001311302185,false,,false,false,false,,,false,false,,2018-08-24T10:29:00.000Z,0
CVE-2014-4823,https://securityvulnerability.io/vulnerability/CVE-2014-4823,,"The administration console in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject system commands via unspecified vectors.",IBM,"Security Access Manager For Web 7.0 Firmware,Security Access Manager For Web Appliance",,,0.02085999958217144,false,,false,false,false,,,false,false,,2014-10-03T01:00:00.000Z,0
CVE-2014-6079,https://securityvulnerability.io/vulnerability/CVE-2014-6079,,"Cross-site scripting (XSS) vulnerability in the Local Management Interface in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, and Security Access Manager for Mobile 8.x before 8.0.0-ISS-ISAM-FP0005, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.",IBM,"Security Access Manager For Mobile 8.0 Firmware,Security Access Manager For Mobile Appliance",,,0.0028699999675154686,false,,false,false,false,,,false,false,,2014-10-03T01:00:00.000Z,0
CVE-2014-4809,https://securityvulnerability.io/vulnerability/CVE-2014-4809,,"The WebSEAL component in IBM Security Access Manager for Web 7.x before 7.0.0-ISS-WGA-IF0009 and 8.x before 8.0.0-ISS-WGA-FP0005, when e-community SSO is enabled, allows remote attackers to cause a denial of service (component hang) via unspecified vectors.",IBM,"Security Access Manager For Web 8.0 Firmware,Security Access Manager For Web Appliance",,,0.006440000142902136,false,,false,false,false,,,false,false,,2014-10-03T01:00:00.000Z,0
CVE-2014-3073,https://securityvulnerability.io/vulnerability/CVE-2014-3073,,Unspecified vulnerability in IBM Security Access Manager (ISAM) for Mobile 8.0 and IBM Security Access Manager for Web 7.0 and 8.0 allows remote attackers to execute arbitrary code via unknown vectors.,IBM,"Security Access Manager For Web Appliance,Security Access Manager For Mobile Software,Security Access Manager For Web Software,Security Access Manager For Mobile Appliance",,,0.01638999953866005,false,,false,false,false,,,false,false,,2014-06-21T15:00:00.000Z,0
CVE-2014-3052,https://securityvulnerability.io/vulnerability/CVE-2014-3052,,"The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensitive information by leveraging weak SSL encryption settings that lack NIST SP 800-131A compliance.",IBM,"Security Access Manager For Web 8.0 Firmware,Security Access Manager For Web Appliance",,,0.0030499999411404133,false,,false,false,false,,,false,false,,2014-06-21T15:00:00.000Z,0
CVE-2014-3053,https://securityvulnerability.io/vulnerability/CVE-2014-3053,,"The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials.",IBM,"Security Access Manager For Web 8.0 Firmware,Security Access Manager For Web Appliance",,,0.008659999817609787,false,,false,false,false,,,false,false,,2014-06-21T15:00:00.000Z,0
CVE-2014-0963,https://securityvulnerability.io/vulnerability/CVE-2014-0963,,The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in IBM Security Access Manager (ISAM) for Web 7.0 before 7.0.0-ISS-SAM-IF0006 and 8.0 before 8.0.0.3-ISS-WGA-IF0002 allows remote attackers to cause a denial of service (infinite loop) via crafted SSL messages.,IBM,"Security Access Manager For Web Appliance,Security Access Manager For Web Software",,,0.06769999861717224,false,,false,false,false,,,false,false,,2014-05-08T10:00:00.000Z,0